package com.woniu.defecttracking.config;


import com.woniu.defecttracking.exception.LoginErrorHandler;
import com.woniu.defecttracking.exception.LoginSuccessHandler;
import com.woniu.defecttracking.filter.AccessFilter;
import com.woniu.defecttracking.mapper.ResourceMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import javax.annotation.Resource;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true) //开启基于方法的安全认证机制
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    private LoginErrorHandler handler = new LoginErrorHandler();
    @Autowired
    private StringRedisTemplate srt;
    @Resource
    private ResourceMapper resourceMapper;


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //取消默认的认证拦截
        http.addFilterAfter(new AccessFilter(handler,srt,resourceMapper), FilterSecurityInterceptor.class)
            .httpBasic().disable()
            //取消csrf防御拦截器
            .csrf().disable()
            //设置认证拦截的方式
            .authorizeRequests()
                .antMatchers("/login","/account/notLogin","/account/isSuper",
                        "/account/updateAccount","/account/getOne/*","/menus/findMenusByAccount/*").permitAll()
                .anyRequest().authenticated()
                .and()
            //设置自定义登录配置
            .formLogin()
                .loginPage("/account/notLogin")
                .loginProcessingUrl("/login")
                //添加成功登录的处理器对象
                .successHandler(new LoginSuccessHandler())
                //添加登录失败的处理器对象
                .failureHandler(new LoginErrorHandler())
                .and()
            .cors().configurationSource(getCors());
    }

    @Bean
    public PasswordEncoder createPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }

    //跨域设置
    public UrlBasedCorsConfigurationSource getCors() {
        UrlBasedCorsConfigurationSource cfs = new UrlBasedCorsConfigurationSource();
        CorsConfiguration cors = new CorsConfiguration();
        cors.addAllowedOriginPattern("*");
        cors.addAllowedMethod("*");
        cors.setAllowCredentials(true);
        cors.addAllowedHeader("*");
        cfs.registerCorsConfiguration("/**", cors);
        return cfs;
    }

//    public static void main(String[] args) {
//        BCryptPasswordEncoder en = new BCryptPasswordEncoder();
//        String encode = en.encode("111111");
//        System.out.println(encode);
//    }
}
